Information Security is ensuring the IAC triad. However, it goes beyond Integrity, Availability & Confidentiality.
It is multi-inter-disciplinary that communicates with Business Strategy, Information Technology & Securing the Information across the organisation.
Please be informed that Information Security is a superset of Information Technology because securing information could be beyond the Infrastructure as well.
Information Security is a C-Level or Board issue rather than a typical IT concern.
Assessing the Security gaps either in the IT Infrastructure or Apps is Vulnerability Assessment or Analysis.
Validating the Vulnerabilities by performing Credentialed or Authenticated Scanning to go deeper into the vulnerabilities and isolating it from the False-Positives is the final phase of Vulnerability Assessment.
Reporting & Mitigating to the respective IT stakeholders is Vulnerability Management.
Penetration Testing is the art of performing exploitation under controlled environment to know the multiple attack vectors of a malicious hacker